URL: github.com/danielmiessler/SecLists/tree/master/Passwords
Pro tip: Look for the rockyou-withcount.txt file inside SecLists—it preserves the original frequency counts from the 2009 breach, allowing you to prioritize the top 10,000 most common passwords.
Passwords evolve. In 2009, iloveyou was common. Today, variations like Iloveyou2024 or LoveSummer23! appear more often. An updated wordlist helps:
Without updates, you’re essentially testing against 2009 password habits – which misses many modern weak passwords.
The original list lacks passwords from the last 15 years. You won’t find Summer2024!, BlueJay$23, or ElonMuskFan. Modern users incorporate current events, sports champions, and streaming services into passwords. An un-updated RockYou misses these entirely.
The RockYou wordlist has evolved from a single 2009 data breach into a massive, multi-billion-entry compilation that remains a cornerstone of cybersecurity testing. On platforms like GitHub, users maintain various versions of this list, ranging from the classic original to the recent, controversial RockYou2024 and RockYou2025 iterations. The Evolution of RockYou RockYou2024 Password List | CyberMaxx
The Evolution of RockYou: From 14 Million to 10 Billion Passwords
If you’ve ever touched a security tool like John the Ripper or Hashcat, you’ve likely seen rockyou.txt. What started as a 2009 data breach of 32 million unencrypted passwords has evolved into a massive, multi-billion-entry standard for security professionals. The Journey of a Legend
The original list contained roughly 14.3 million unique passwords. Over the last decade, it has seen several major "updates" that aggregate dozens of subsequent data leaks:
RockYou2021: This version exploded to approximately 8.4 billion unique entries, making it a massive 91GB file.
RockYou2024: The latest major update reached nearly 10 billion records (9,948,575,739 to be exact), adding 1.5 billion new entries from recent leaks. Where to Find it on GitHub the rockyou wordlist github updated
While the full files are often too large for GitHub's standard file limits, several repositories offer tools and subsets:
vschwaberow/rockyou2024: A high-speed C++ helper that lets you search the 10-billion-line wordlist even while it is still zipped.
hkphh/rockyou2024.txt: Provides a "clean" printable version of the 2024 list (approx. 1.7 billion lines) for easier processing with standard tools.
josuamarcelc/common-password-list: Maintains the classic rockyou.txt and has been updated as recently as late 2025. Why This Matters for You RockYou2025: 16 Billion Passwords Leaked Worldwide
The RockYou wordlist is a foundational tool in cybersecurity, containing millions of real-world passwords leaked in a 2009 breach . While the original file contained 14.3 million entries, it has since evolved through massive community-driven updates into versions like RockYou2021, RockYou2024, and the recent RockYou2025 . 📈 Evolution of the Wordlist
Modern iterations on platforms like GitHub and hacking forums have expanded the original list by aggregating data from thousands of subsequent breaches.
RockYou (Original): ~14.3 million passwords (32 million total records) . RockYou2021: Expanded to 8.2 billion unique entries .
RockYou2024: Added 1.5 billion records from recent leaks, totaling 10 billion entries .
RockYou2025: Reported to contain over 16 billion unique credentials, following a massive global data dump in June 2025 . 📂 Key GitHub Repositories
Since GitHub has a 100MB file size limit, large wordlists (some exceeding 90GB) are often split into smaller parts or compressed . URL: github
josuamarcelc/common-password-list: A popular repository containing the classic rockyou.txt used for general security testing .
vschwaberow/rockyou2024: Features a C++ helper tool to search the 10 billion record 2024 list without decompressing large archives .
six2dez/OneListForAll: Combines RockYou with other lists for web fuzzing and enumeration .
247arjun/rockyou: Provides the main list split into smaller, manageable files for easier downloading . ⚠️ Security and Usage
These wordlists are primarily used by penetration testers to check for password strength and by researchers to analyze common user habits . Rockyou2024 analysis: Mega password list or just noise?
The search for an updated "RockYou" wordlist reveals a lineage that has evolved significantly from the original 2009 breach of 14 million passwords
. The current "gold standard" for updated lists in the cybersecurity community is RockYou2024 , which boasts nearly 10 billion unique records
Below are the most notable updated versions and tools available on GitHub for 2024 and 2025: 1. RockYou2024 (The "Ultimate Amalgamation")
This version is the most significant update, adding 1.5 billion new records to the previously massive 2021 compilation. Total Records : Approximately 9.95 billion unique passwords. : Compiled from recent data breaches and leaked databases. Search Tool vschwaberow/rockyou2024
provides a high-speed C++23 utility to search through this massive list even while it is still zipped, which is crucial since the uncompressed file is roughly 150 GB. 2. RockYou2025 (Latest Evolution) Pro tip: Look for the rockyou-withcount
Reports from mid-2025 indicate a further expanded list known as RockYou2025 , which allegedly contains 16 billion passwords GitHub Repository josuamarcelc/common-password-list
repository has been updated as recently as August 2025 with files named rockyou_2025_00.txt
: This version reportedly includes data from high-profile breaches at companies like Samsung and various government entities. 3. Comprehensive Collections (SecLists & Others)
For users who need more than just one giant file, these repositories maintain curated and structured wordlists: danielmiessler/SecLists
repository remains the industry standard for curated lists, including various versions of RockYou and common credentials. OneListForAll six2dez/OneListForAll
repository combines several major wordlists (including RockYou) specifically optimized for web fuzzing and directory discovery. Kali Linux Defaults official wordlists package on Kali Linux includes the classic rockyou.txt.gz as a baseline for all installations. Comparison of Wordlist Versions Approximate Record Count Key Feature RockYou (Original) 14.3 Million The historic baseline from the 2009 breach. RockYou2021 8.4 Billion First massive multi-source compilation. RockYou2024 9.9 Billion The current widely-used standard for modern breaches. RockYou2025 16 Billion The newest, most expansive leak compilation. wordlists | Kali Linux Tools
Here’s a blog post draft on the updated RockYou wordlist available on GitHub.
If you are using Kali Linux or a standard terminal, you can often grab the file directly using wget or curl if you find a raw link.
Warning: Always check the file size. The compressed RockYou list is roughly 60MB. The uncompressed version is roughly 135MB. If the file is gigabytes in size, you are downloading a different list.